On March 27 and 28, 2019, Paula presented Briefings and Arsenal sessions at Black Hat Asia 2019 in Singapore. CQURE Team has written over 200 hacking tools during penetration testing. They decided to choose the top 39 tools and pack them in a toolkit called CQTools.
This toolkit allows you to deliver complete attacks within the infrastructure, starting with sniffing and spoofing activities, going through information extraction, password extraction, custom shell generation, custom payload generation, hiding code from antivirus solutions, various keyloggers and leverage this information to deliver attacks.
Tools included (view whitepaper for full list of tools and usage)
CQWSLMon.exe – Windows Subsystem for Linux (WSL) is a compatibility layer for running Linux binary executables (in ELF format) natively on Windows 10 and Windows Server 2019.
CQRegKeyLastWriteTime.exe – Allows to extract information about the datetime when the Registry Key was modified for the last time.
CQNTDSDTDecrypter.exe – Decrypts ntds.ditfileby providing appropriate Bootkey, extractspassword hashes, KDS master root keys
CQDPAPIBlobDecrypter.exe – Decrypts Blob with DPAPI.
CQDPAPIBlobSearcher.exe – Search for DPAPI blobs inside a file.
CQDPAPIEncDec.exe – Encryptsand decryptstext using DPAPI.
CQDPAPIKeePassDBDecryptor.exe – Allows to decrypt KeePass database by using DPAPI data that is possessed from the domain.
CQETWKeylogger.exe – Keylogger based on ETW(Event Tracing for Windows).It only uses features built in Windows system, so noadditional software is needed to perform the attack.
CQImpersonate.exe – This tool allows to run a command in the context of any of the authenticated users from your system. This tool requires to be run in the LOCAL_SYSTEM context
CQRegTool.exe – Registry analyzer.